Ticket #6250 (closed enhancement: fixed)

Opened 2 years ago

Last modified 2 years ago

Improve security

Reported by: airadier Assigned to: airadier
Priority: high Component: TracWikiPrintPlugin
Severity: normal Keywords:
Cc: Trac Release: 0.11

Description

Now, users with TRAC_ADMIN permission can select any file from the system as css, header, or footer, and preview it.

Two fixes should be made:

  1. TracWikiPrintPlugin should not require TRAC_ADMIN permissions for basic configuration. Create a new permission, like WIKIPRINT_ADMIN, to allow non-admin user users to configure Wiki Print.
  1. Allow the TRAC_ADMIN user to disable using files from filesystem in Wiki Print. If the option is disabled, only URLs will be allowed to select css, header or footer.

Attachments

Change History

02/22/10 11:20:59 changed by airadier

  • status changed from new to assigned.

02/22/10 11:24:11 changed by airadier

  • status changed from assigned to closed.
  • resolution set to fixed.

(In [7699]) New version 1.7

  • Improvements resolving image links
  • Added WIKIPRINT_ADMIN and WIKIPRINT_FILESYSTEM permissions (fixes #6250)
  • Replace [[TOC]] with Table of Contents (fixes #6213), and support parameters in TOC and PageOutline? macros

Add/Change #6250 (Improve security)




Change Properties
Action